Ubuntu + Cisco VPN from the command-line
While the VPN client feature in the Ubuntu UI is very good, sometimes you need to connect purely from the command line, for example when you need to VPN from a headless server into the network.
Say your config in Ubuntu looks as follows. Setting up the vpnc command-line version is fairly straightforward. Because /etc/vpnc.conf holds the IPSec secret and Xauth password in plain text, keep it readable by root only.
>apt-get install vpnc
>vim /etc/vpnc.conf
# add the following to /etc/vpnc.conf
IPSec gateway bhofc.bullhorn.com
IPSec ID MYCOMPANY
IPSec secret ***
Xauth username username
Xauth password ***
NAT Traversal Mode cisco-udp
# exit vim
>vpnc-connect
VPNC started in background (pid: 12490)...
# test, 192.168.1.7 is on your VPN network
>ping 192.168.1.7
If you have iptables set up to only allow whitelisted outbound traffic, you may be blocking necessary ports. Here is the config to open the required ports.
>iptables-save > /etc/iptables.conf
>vim /etc/iptables.conf
# add the following rules
-A OUTPUT -p tcp -m tcp --dport 500 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 500 -j ACCEPT
-A OUTPUT -p esp -j ACCEPT
# exit vim
>iptables-restore </etc/iptables.conf
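On a headless server the manual vim step above can be scripted. The following is an added example, not part of the original post: the function name add_vpn_rules is hypothetical, and it assumes a whitelist OUTPUT chain may end in a catch-all DROP/REJECT rule, so it places the three rules ahead of the first existing OUTPUT rule in the *filter table and skips any that are already present.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads an iptables-save dump on stdin and writes it to stdout with the three
# VPN rules from the post present in the *filter table. Safe to run repeatedly.
# Typical use (as root):
#   iptables-save | add_vpn_rules > /etc/iptables.conf
#   iptables-restore < /etc/iptables.conf
add_vpn_rules() {
    awk '
    BEGIN {
        rules[1] = "-A OUTPUT -p tcp -m tcp --dport 500 -j ACCEPT"
        rules[2] = "-A OUTPUT -p udp -m udp --dport 500 -j ACCEPT"
        rules[3] = "-A OUTPUT -p esp -j ACCEPT"
        n = 3
    }
    # Emit the buffered *filter section. Missing rules go ahead of the first
    # existing OUTPUT rule so that a trailing catch-all DROP cannot shadow
    # them; if the chain has no rules yet they go just before COMMIT.
    function emit_filter(   i, j, done) {
        for (i = 1; i <= cnt; i++) {
            if (!done && (buf[i] ~ /^-A OUTPUT / || buf[i] == "COMMIT")) {
                for (j = 1; j <= n; j++) if (!seen[j]) print rules[j]
                done = 1
            }
            print buf[i]
        }
        cnt = 0
    }
    # Only the filter table is modified; nat, mangle, etc. pass through.
    $0 == "*filter" { in_filter = 1; print; next }
    in_filter {
        buf[++cnt] = $0
        for (k = 1; k <= n; k++) if ($0 == rules[k]) seen[k] = 1
        if ($0 == "COMMIT") { emit_filter(); in_filter = 0 }
        next
    }
    { print }
    END { if (in_filter) emit_filter() }
    '
}
```

Diff the generated file against the running ruleset before restoring it, since iptables-restore replaces the tables it loads.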